package org.syyo.admin.aspect;

import org.aspectj.lang.ProceedingJoinPoint;
import org.aspectj.lang.annotation.Around;
import org.aspectj.lang.annotation.Aspect;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;
import org.springframework.web.context.request.RequestContextHolder;
import org.springframework.web.context.request.ServletRequestAttributes;
import org.syyo.admin.anno.CheckPermissions;
import org.syyo.admin.common.enums.ResultEnum;
import org.syyo.admin.domain.ResultVo;
import org.syyo.admin.domain.response.MenuResp;
import org.syyo.admin.domain.response.RoleResp;
import org.syyo.admin.domain.response.UserResp;
import org.syyo.admin.mapper.UserMapper;

import javax.servlet.http.HttpServletRequest;
import java.util.List;

/**
 * @Auther: wangzhong
 * @Date: 2019/12/9 17:25
 * @Description: 校验权限的注解的切面
 */
@Aspect
@Component
public class CheckPermissionsAspect {

    private static final String ADMIN = "admin"; //admin的角色享有所有权限

    @Autowired
    private UserMapper userMapper;

    @Around("@annotation(CheckPermissions)")
    public Object around(ProceedingJoinPoint pjp, CheckPermissions CheckPermissions) throws Throwable {

        //获取注解上的权限标识
        String requiresPerm = CheckPermissions.value();
        //获取request
        HttpServletRequest request = ((ServletRequestAttributes) RequestContextHolder.getRequestAttributes()).getRequest();
        //获取token
        String token = request.getHeader("X-Token");

        //默认没有权限
        boolean isAuth = false;
        //默认不是admin角色
        boolean isAdmin = false;
        //根据token查询用户
        UserResp user = userMapper.getUserByToken(token);
        if (user == null){
            return notAuth();
        }

        //判断用户是不是admin角色
        List<RoleResp> roles = user.getRoles();
        if (roles != null && roles.size()>0){
            for (RoleResp role : roles) {
                String roleKey = role.getRoleKey();
                if (ADMIN.equals(roleKey)){
                    isAdmin = true;
                }
            }
        }

        if (isAdmin){
            //用户包含admin角色，享有所有权限，直接返回true表示通过
            return pjp.proceed();
        }else {
            //根据token，获取该用户的所有权限
            List<MenuResp> menus = user.getMenus();
            if (menus == null|| menus.size() <= 0 ){
                //没有权限
                return notAuth();
            }

            // 循环比较用户的权限
            for (MenuResp menu : menus) {
                if(menu != null){
                    String perms = menu.getPerms();
                    if(requiresPerm.equals(perms)){
                        //表示有权限
                        isAuth = true;
                    }
                }
            }
        }
        //判断权限参数
        if (!isAuth){
            //没有权限
            return notAuth();
        }
        return pjp.proceed();
    }

    /**
     * 没有权限
     * @return
     */
    private ResultVo notAuth()  {
        ResultVo<Object> resultVo = new ResultVo<>();
        resultVo.setCode(ResultEnum.NOT_AUTH.getCode());
        resultVo.setMessage(ResultEnum.NOT_AUTH.getMessage());
        return resultVo;
    }
}
